From 020370dcf658eb4b7066e440fd1ccff1e607edb4 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <stephenfin@redhat.com>
Date: Thu, 29 May 2025 18:04:51 +0100
Subject: [PATCH] api: Add log when creating unscoped token

Otherwise you get different behavior depending on the user used, if
some have default projects set and others do not.

Change-Id: I7c347af983cb8af9be9d19a010fa0f5bf20ab804
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
(cherry picked from commit b6f955b8e40ef3f0bc7388f9c6de406069c6870b)
---
 keystone/api/_shared/authentication.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/keystone/api/_shared/authentication.py b/keystone/api/_shared/authentication.py
index 6d58df2078..e1839566f2 100644
--- a/keystone/api/_shared/authentication.py
+++ b/keystone/api/_shared/authentication.py
@@ -56,7 +56,12 @@ def _check_and_set_default_scoping(auth_info, auth_context):
 
     default_project_id = user_ref.get('default_project_id')
     if not default_project_id:
-        # User has no default project. He shall get an unscoped token.
+        # User has no default project. They shall get an unscoped token.
+        msg = (
+            "User %(user_id)s doesn't have a default project. "
+            " The token will be unscoped rather than scoped to a project."
+        )
+        LOG.debug(msg, {'user_id': user_ref['id']})
         return
 
     # make sure user's default project is legit before scoping to it